Skip to content

Automatically exported from code.google.com/p/mod-auth-token

License

Notifications You must be signed in to change notification settings

ragaller/mod-auth-token

Repository files navigation

  This module uses token based authentication to secure downloads 
  and prevent deep-linking. 

  Have your script or servlet generate a token to authenticate the 
  download and let Apache handle the file transfer without having 
  to pipe it through a script for security.
  
  You can find downloads, daily snapshots and support information at
   http://code.google.com/p/mod-auth-token/ 

USAGE

  The token is an hex-encoded MD5 hash of the 
  secret password, relative file path and the timestamp. It is 
  encoded onto the URI as:

    <uri-prefix><token>/<timestamp-in-hex><rel-path>

  For example
  
    /protected/dee0ed6174a894113d5e8f6c98f0e92b/43eaf9c5/path/to/file.txt

  where the token is generated as 

    md5("secret" + "/path/to/file.txt" + dechex(time_now()))
  you can add in the md5 hash the ip (and not the hostname) of the client to limit by ip. If you do so, enable AuthTokenLimitByIp in the config file of apache

  with the following configuration in httpd.conf

    <Location /protected/>
      AuthTokenSecret       "secret"
      AuthTokenPrefix       /protected/
      AuthTokenTimeout      60
	    AuthTokenLimitByIp	  off
    </Location

  The actual file would be located in
  
    /protected/path/to/file.txt

CREDITS

  Implementation ideas were taken from mod_secdownload for LIGHTTPD
    - http://trac.lighttpd.net/trac/wiki/Docs%3AModSecDownload

About

Automatically exported from code.google.com/p/mod-auth-token

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published